HIPAA and Data Security

The Health Insurance Portability and Accountability Act (HIPAA), administered by the Department of Health and Human Services (HHS), has transformed security, privacy and compatibility standards for U.S. healthcare informatics.
The eVero team is committed to ongoing HIPAA compliance – as the regulations pertain to each of its products and services – and will demonstrate conformance with each published final rule. eVero applications – DigitalAgency™ and DigitalClinic™ – already contain security, audit trail and electronic data interchange (EDI) features that are either currently compatible (for most final rules) or will be compatible (for proposed rules) with HIPAA regulations. Our team will continue to monitor HHS actions relating to current (transaction/coding and privacy) and proposed (security and national identifier) HIPAA Standards and will incorporate any mandated changes into future product releases.


The following paragraphs give an overview of the key requirements of HIPAA compliance and discuss how each impacts our proposed solution. At the end of this section we have included a summary of the aspects of our solution that directly respond to HIPAA requirements and advisories.

HIPAA Privacy Regulation

The HIPAA Privacy Regulation was published in the Federal Register on April 14, 2001. This rule went into effect on April 14, 2003. The HIPAA legislation provides for the privacy of individually identifiable health information by giving individuals access to their information, informing them how the information will be used, and setting limits on its use. At the core of the Privacy Regulation is the idea that Protected Health Information, comprising the personal medical records of individuals, should be guarded against unauthorized disclosure. The rule covers all individually identifiable health information in the possession of covered entities – in electronic format or otherwise.

The Privacy Rule protects certain information that covered entities use and disclose. This information is called Protected Health Information (PHI), which is generally individually identifiable health information that is transmitted by, or maintained in, electronic media or any other form or medium. This information must relate to 1) the past, present, or future physical or mental health, or condition of an individual; 2) provision of health care to an individual; or 3) payment for the provision of health care to an individual. If the information identifies or provides a reasonable basis to believe it can be used to identify an individual, it is considered individually identifiable health information.